Question: void testFunc ( int a, double b) { char buf [10]; // line 1 int v1=0; // line 2 gets(buf); // line 3 printf(buf); //

void testFunc ( int a, double b) {

char buf [10]; // line 1

int v1=0; // line 2

gets(buf); // line 3

printf(buf); // line 4

}

a) what is the name of this vulnerability?

b) in which line does it have the vulnerability?

c) what are the two goals of an attacker for exploiting the vulnerability?

d) Assume that both the size of return address and base pointer are two bytes. Give example of an attack input that will overwrite the return address and store attackers code onto the stack. show the stack frame after the overwrite is done.

e) what are the three challenges for the attacker? how the first two challenges are addressed?

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer
Step: 1 Unlock blur-text-image
Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock
Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

Q:

Answer the following questions about the vulnerable code below void test Fune(int a, double b) { char buf(10); //line 1 gets (buf): //line 2 int v1 - 0 //line 3 printf (buf): //line 4 a. What is the...

Q:

Study the following code segment and identify the line that will cause a syntax error void Secret (ints x, double y - 12.34, char z ='); line 1 int main() //Line 2 int a 23; //Line double b- 48.787...

Q:

Consider the functions below, with both C code and compiled assembly provided. Recall that gets (buf) simply copies input in to buf. The inintial values of rsp, rbp, and rip are provided. The initial...

Q:

I need this in c programming assignment is given and also code is given you just have to code the lines where it says TODO here please edit the code that i have given and please send me screenshot of...

Q:

URGENT! Can anyone please do this? Its for linux. I am using Mobaxterm. Like how will I do it? Please tell me the steps. I need it for this week. Will upvote. This was question 1 which I already did....

Q:

Assuming that the user enters 45 and 62 as inputs for n1 and n2, respectively, what is the output of the following code snippet? System.out.print ("Enter a number: "); Scanner in = new Scanner...

Q:

Here is a incomplete pos server program, receiving input from posclient, inserting traction detail data into sql database. create a database Client Server Program Search TMA02 in POSServer.java, to...

Q:

URGENT! Can anyone please do the main code in language C? Its for linux. I need it for this week. Will upvote. Here are the codes for quadratic, triples and modsum in C. quadratic.c #include #include...

Q:

NOTE THIS IS VERY SIMILAR TO THE OTHER POST ON CHEGG, BUT THIS HAS A TWIST DIFFERENT TOKENS INCLUDING THE ScientificLit and how to check scientificlit format is proper when making it into a token....

Q:

#include #include #include const char code () = "\x31\xc0" /* Line 1: xorl %eax, %eax*/ "\x50" /* Line 2: pushl %eax */ "\x68" "//sh" /* Line 3: pushl $0x68732f2f */ "\x68""/bin" /* Line 4: pushl...

Q:

Culligan Inc. has current assets of $5,300, net fixed assets of $26,000, current liabilities of $3,900, and long-term debt of $14,200. What is the value of the shareholders? equity account for this...

Q:

During its first three months of operation, Palimino's sold gift cards in various amounts totaling $5,200. The gift cards are redeemable for meals within one year of the purchase date. Gift cards...

Q:

For variables x , y , and z , you have the following rules andfuzzy membership functions. When you have input values ( x = 3 . 2 and y = 9 ) , what will be theoutput value for Z ? You have only 3...

Q:

A financial manager facing a capital budgeting decision must decide whether to: Select one: a . buy new machinery or repair the old. b . use the money market or capital market. c . use primary...

Q:

the Business Leaders Programme, which addresses the needs of the changing roles of newly appointed managers and professionals, and develops business understanding and leader skills in the changing...

Q:

The new Growth, Employment and Redistribution policy (GEAR) which was presented to parliament in June 1996 has continued to attract criticism from the trade union movement for its implications for...

Q:

The number of people completing their artisan training in 1992 was 5,588: less than half the 1985 figure.